According to TAG, the attacks are carried out by a group of Russian-speaking hackers recruited from a forum, who then sell the already hacked YouTube channels to whoever pays the highest price.
How do the hackers gain access to the YouTube channels?
The mode of operation of these hackers in the ongoing phishing campaign against YouTube creators is that they typically offer fake collaborations to the real channel owners, resulting in the channels being compromised and eventually being sold off for live streaming crypto scams.
So far, several of the channels that the hackers have taken control of have been rebranded to broadcast cryptocurrency scams.
The hackers sell the hijacked channels for prices ranging from $3 to $4,000, depending on the number of subscribers on the channel.
According to reports, the hacks are being carried out with the help of cookie theft malware, which is fake software that has been configured to run undetected on a victim’s computer. After successfully gaining access to the victim’s account, the hackers change the names, display pictures, and entire content of the YouTube channels to resemble major cryptocurrency exchange firms and large tech companies.
Google said that the attacker broadcasted videos promising cryptocurrency giveaways after viewers made an initial contribution in one instance.
Google has since shared the above information with the Federal Bureau of Investigation (FBI) of the United States to conduct a more thorough investigation.